Security experts always recommend that organizations install the latest patches when they become available but this advice has gone unheeded by many owners of Fortinet's enterprise VPN (opens in new tab) devices.
Back in 2019, the path traversal vulnerability in the web portal of FortinetOS’ SSL VPN devices (tracked as CVE-2018-13379 (opens in new tab)) became widely known. While the issue was addressed and patched by the company, a large number of organization have not yet applied Fortinet's critical security update released several years ago.
Now the UK's National Cyber Security Centre (NCSC (opens in new tab)) has released a new advisory warning that cybercriminals as well as Advanced Persistent Threat (APT) actors are actively scanning for unpatched VPN servers and attempting to exploit the CVE-2018-13379 vulnerability. In fact, so many companies have failed to apply the security update that ready-made lists containing the IP addresses of vulnerable servers and internet-facing devices started appearing on dark web forums (opens in new tab) last fall.
We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.
>> Click here to start the survey in a new window (opens in new tab) <<
- We've compiled a list of the best business VPN (opens in new tab) services available
- These are the best endpoint protection (opens in new tab) solutions on the market
- Also check out our roundup of the best Windows 10 VPN (opens in new tab)
One of the ways in which cybercriminals are now actively leveraging the vulnerability is to install the Cring ransomware (opens in new tab)on unpatched VPN servers according to a recent report from Kaspersky.
In its new advisory (opens in new tab) the NCSC warned organizations that they should assume any unpatched devices are already compromised, saying:
“The NCSC is advising organisations which are using Fortinet VPN devices where security updates have not been installed, to assume they are now compromised and to begin incident management procedures. Users of all Fortinet VPN devices should check whether the 2019 updates have been installed. If not, the NCSC recommends that as soon as possible, the affected device should be removed from service, returned to a factory default, reconfigured and then returned to service.”
In addition to being infected with the Cring ransomware, the NCSC, CISA and FBI (opens in new tab) have all warned organizations that nation-state hacking groups are actively scanning for unpatched devices in order to gain access to networks to carry out cyber espionage (opens in new tab) campaigns.
Failing to install the latest patches in one thing but when a security update was released two years ago, organizations have no excuse as to why they've put off applying it. If you company uses Fortinet VPN devices, you should check to see if the latest updates have been applied and if not, they should be installed immediately to avoid falling victim to ransomware and other attacks that exploit the CVE-2018-13379 vulnerability.
- We've also featured the best antivirus (opens in new tab)
Via ZDNet (opens in new tab)